Overview

overview

10

Static

static

10

3aecd39225...69.exe

windows7-x64

10

3aecd39225...69.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3aecd39225de5f274e45c1f200754a0d5f98eba87d54328bab30de1f2c629a69

  • Size

    916KB

  • MD5

    c18aa87310422a593b3f7da5e5bb6484

  • SHA1

    6e91dc3fd926f6eef6c88f94ef06e87cb6a4f29a

  • SHA256

    3aecd39225de5f274e45c1f200754a0d5f98eba87d54328bab30de1f2c629a69

  • SHA512

    e2ee610656e0b5b4610ea5728efbd579811d29e6fb9c0eafa9653fd6df66baca7544294d9f923e643e25007a5375208aa95f52350e64aebfecd929080da42d76

  • SSDEEP

    12288:6XBM21gsgPktzYX7dG1lFlWcYT70pxnnaaoawp7ueuRAKrZNrI0AilFEvxHvBMBL:luQ4MROxnFJ9JrZlI0AilFEvxHiTDp

Score
10/10
orcus

Malware Config

Extracted

Family

orcus

C2

192.168.0.150:8848

Mutex

104ac7067d804737b655e3e0f14f31f4

Attributes
  • autostart_method

    Registry

  • enable_keylogger

    true

  • install_path

    %programfiles%\Orcus\Orcus.exe

  • reconnect_delay

    10000

  • registry_keyname

    Orcus

  • taskscheduler_taskname

    Orcus

  • watchdog_path

    AppData\OrcusWatchdog.exe

Signatures

  • Orcurs Rat Executable 1 IoCs
  • Orcus family
    orcus
  • Orcus main payload 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 3aecd39225de5f274e45c1f200754a0d5f98eba87d54328bab30de1f2c629a69
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections